Fraudsters cashing in on public fear over password security

Search for:

Fraudsters cashing in on public fear over password security

Australians are warned to be aware of a scam which is targeting public uncertainty following publicised hacking events or data breaches. People are being sent links to fake sites which ‘test’ your logon details for popular sites such as Twitter, LinkedIn, Facebook, Hotmail and Gmail. But be warned, many of these are fake password checking sites, or similar and are phishing for your user name, password and other personal information. We look at this scam in more detail, and how it could impact you and your credit file.

Giving away your details to these sites could put you at risk of identity theft and credit fraud– so the message from Australia’s ‘Stay Smart Online’ is – always be suspicious of sites asking for your user name, password or personal information. If you’re not sure – don’t take the chance.

“Links to password checking sites often circulate on social media and email after publicised hacking events or breaches – such as the hacking of the Associated Press’s Twitter account – a time when checking the strength or security of your own account might seem appealing,” Stay Smart Online warned in an alert yesterday.

SSO advises never to enter your username and password anywhere except on the site it is intended for:

Don’t use links in emails or social media messages that take you to a log in page. Navigate there yourself independently to make sure you are on the legitimate site’s logon page.

Make sure the addresses of the websites you use are correct.

When logging on to a website, check for HTTPS (or a padlock) in the address bar. This is the secure form of HTTP. Websites that don’t offer HTTPS at logon are unsecured.

Always be suspicious of unsolicited emails, especially those seeking personal or financial information.

SSO says there are some legitimate password-checking sites out there, and some of the legitimate sites have been copied.

Legitimate sites can use minimal information supplied by you, such as your email address (not your password!) to check your address against lists of stolen information found in data dumps on hacker sites. Other legitimate sites may offer to simply test the strength of your password. But trying to distinguish the real from the fake may not be worth the risk.

SSO warns fake sites may be very difficult to distinguish from legitimate ones, and will simply collect your details.

“…someone then has everything they need to access to your account,” SSO states.

The danger in clicking on any link from an unknown source is not only that the personal information that you give out could be directly warehoused for future purposes of identity theft for fraud, but you could also end up downloading malware or a virus which takes that information from your computer.

Given that most people still use simplistic passwords and use them across multiple sites — as has been shown in a variety of data breaches and surveys — there’s a lot at stake when you give yours away. Imagine losing control of not only your social networks, but also access to your email, online banking and other personal and financial information.

Even if you catch the breach quickly, it will still be a colossal pain to get everything back to normal.

What can fraudsters do if they can get their hands on your personal information?

They can steal passwords to your bank or credit accounts and they can also create a patchwork quilt of information that can allow them to eventually have enough on you to request duplicate identity documents, and apply for credit in your name.

Running up credit all over town, perhaps buying and selling goods in your name, or in some cases mortgaging properties – the victim can have a stack of credit defaults against their name by the end of their ordeal – and sometimes no proof it wasn’t them that didn’t initiate the credit in the first place.

Recovery can be slow, and in some cases victims have had no way to prove they weren’t responsible for the debt – with fraudsters leaving no trail and the actual identity crime happening long before the fraud took place.

New laws coming through in March 2014 are aimed at protecting your credit file following an incidence of identity theft. If you know you have been scammed, you will be able to put a ‘ban’ on your credit file – so no one will be able to access your credit information – therefore protecting your credit information from misuse.

But if you don’t know you have been scammed until it’s too late, or if you can’t pinpoint what’s happened to you, it may be still be difficult to protect your credit rating. So you have to be sure you protect all of that, by staying ahead of scams such as this, and by keeping strong passwords.

* Change your password immediately. If you use the same logon information elsewhere you should also change these passwords, ensuring you create a unique password for each service.

* Contact the Police – as well as your bank – especially if you have given over personal information to fraudsters. Don’t be embarrassed – it is only through identity theft being reported that data gets collected and appropriate preventative measures eventually get put in place. You should also contact the credit reporting agencies that hold your credit file and inform them that you may be at risk of identity theft.

* Order a copy of your credit report. If there are any inconsistencies on your credit report – change of address, strange credit enquiries and credit you don’t believe you’ve accessed, then you may already be a victim – and should do all that’s possible to follow up on each account so as not to accrue defaults on your credit file that should not be there.

Credit file defaults are difficult for the individual to remove and generally people are told by creditors they remain on our file for 5 years, regardless of how they got there.

Although it seemed so easy for the fraudster to use your good name in the first place, you are now faced with proving the case of identity theft with copious amounts of documentary evidence.

If you have neither the time nor the knowledge of our credit reporting system that you may need to fight your case yourself, you can seek the help of a credit repairer. A credit repairer can help you to clear your credit file and restore the financial freedom you rightly deserve.

The reason a credit repairer is usually so successful in removing your credit file defaults, is their relationships with creditors, and their knowledge of current legislation.

Visit www.mycra.com.au for more information on identity theft or how to repair bad credit.

Black Friday and Cyber Monday are among the biggest shopping events of the year. But they also present some of the greatest opportunities for potential thieves and scammers. Before tapping in your credit card details to grab an online bargain, check these tips for protecting your personal information, and don’t fall for a deal that’s […]

The Office of the Australian Information Commissioner (OAIC) has received 242 notifications under the Notifiable Data Breaches (NDB) scheme in the period 1 April to 30 June 2018, according to the second quarterly statistical report on data breach notifications received under the scheme, released today. This is the first full quarter of operation of the […]

On 10 August 2018, the Minister for Health announced that the opt-out period would be extended until 15 November 2018. On 14 November 2018, the Minister for Health announced that the opt-out period would be further extended until 31 January 2019. This news item has been amended to reflect that. From today until 31 January […]

The Australian Government Agencies Privacy Code (the Code) came into effect on 1 July 2018, requiring Australian Government Agencies to move to a best practice approach to privacy governance across the APS, with the ongoing support of the Office of the Australian Information Commissioner (OAIC).

The 2018 Information Publication Scheme (IPS) Survey of Australian Government agencies that are subject to the Freedom of Information Act 1982 (Cth) has commenced. If you have any questions or require further information about the IPS Survey, please contact Mabel Dela Cruz of ORIMA Research on (02) 6109 6300 or surveys@orima.com or OAIC contact officer […]